IT Disaster Planning & Business Continuity

Poll: Do you have IT Disaster Recovery/Business Continuity planning? (multiple choice; 11 voters)

  • We have IT DR planning: 9 (81.82%)
  • We have global Business Continuity planning: 4 (36.36%)
  • We have NO IT DR planning: 1 (9.09%)
  • We have NO BC planning: 0 (0%)
  • We are evaluating an IT DR plan: 2 (18.18%)
  • We are evaluating a BC plan: 1 (9.09%)
  • Insurance is good enough: 0 (0%)
  • We have another site(s) that will take over: 3 (27.27%)
  • This won't happen to us: 1 (9.09%)
  • Our emergency personnel will protect us: 1 (9.09%)

  1. #1 nihil (Super Moderator: GMT Zone; joined Jul 2003; United Kingdom: Bridlington; 17,191 posts)

    Hi,

    This is a new forum to discuss what I consider to be a rather ignored aspect of IT security.

    Ask yourself: "what would happen if we lost our computing facility?"

    You know, a hurricane, typhoon, flood, fire, and so on. It doesn't really matter what sector you are in: school/college, .gov, .mil, .com, .net...

    As I have always seen things there are two facets to this:

    1. Recovering from an IT specific disaster.
    2. Business (organisational) continuity in the face of a more global disaster.

    So, I thought I would post a poll to see what sort of level of penetration and awareness these concepts have.

    What I am interested in is basically:

    1. Do you have an IT disaster recovery plan?
    2. Do you have a global Business Continuity plan?
    3. Are they formally documented and disseminated?
    4. How often do you test it?
    5. Does it involve all areas/departments of your organisation?
    6. Has everyone been trained, and do they know what to do?
    7. Does it have a budget and contingency reserve fund?

    This is a new discussion forum, where I hope that we can share ideas and experiences; so please be patient (and contributive) whilst it takes shape.

    Thanks,

    Johnno

    EDIT: Multiple choices are allowed in the above poll

    Please note, I have voted for two options because I have multiple clients, some of whom cannot have a global policy... if your hotel or shop burns down, you cannot expect to have alternative facilities on tap?
    Last edited by nihil; November 17th, 2007 at 12:22 PM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #2 foxyloxley (They call me the Hunted; joined Nov 2003; 3rd Rock from Sun; 2,528 posts)

    I work as an IT contractor, and my previous client was an international business, with the full cold and hot rooms set up and ready around the planet. And the war rooms were used monthly to keep the policy fresh in everyone's mind...

    Right now, I'm with the UK NHS, and their disaster recovery plans appear to be a lot less in scale, restricted to continual backups, with off site storage.
    So, yeah, it does matter who you are, and what the implications of loss would mean; that determines just how much you need to spend to ensure continuity...

    It also explains why I haven't put a vote up, as I do not actually work for them on a permanent basis
    Last edited by foxyloxley; November 18th, 2007 at 10:56 AM.
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  3. #3 nihil (Super Moderator: GMT Zone; joined Jul 2003; United Kingdom: Bridlington; 17,191 posts)

    Hi Foxy~,

    Yes, daily backup and offsite storage is pretty popular with my lot as well, especially the professionals (accountants, lawyers) who tend to have more than one office reasonably close.

    For the pubs, restaurants, hotels and guest houses this is really all they can do as a disaster would generally mean a total loss of their business.

    Also, for these small outfits their hardware can be replaced within hours.


  4. #4 Senior Member (joined Mar 2004; 557 posts)

    Hi

    Some of our clients do have implementations of BCM standards, in particular PAS56/BS 25999, in accordance with ISO/IEC 17799 (ISO/IEC 27002 in the new 27000 series).

    The main motivation of these clients certainly is compliance with SOX and/or Basel II.

    These BCM standards try precisely to minimize the risks of disruptions caused by minor incidents or major disasters, like hurricanes, earthquakes, etc. Part 1 of BS 25999 _is_ a code of practice and thus applicable even by SMBs. Nevertheless, I am wondering which SMBs really had a look at this code of practice, let alone tried to implement it. Internally, we haven't; we do have a DRM and BCM though.

    I haven't said much substantial yet, but I think the effort done by good people should not be ignored; there is no need to re-invent the wheel.



    As per your 7 questions: I personally think, and it is my experience, that the points mostly ignored are 4 and 6:

    4 - Externals usually audit that the implementation is compliant with the standard/documentation. Whether it works at all in the specific case is rarely tested!

    6 - It all comes down to the people. Right before and shortly after the audit, they usually have an idea of what to do. Period...

    It would be nice to have catch participating in this discussion.


    Cheers
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
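A concrete way to act on point 4 above (that a plan is audited for compliance but rarely tested for whether it works) is a scripted restore drill. The following is an added example, not code posted by anyone in this thread: it takes a SHA-256 manifest of a source tree at backup time, simulates an offsite copy that has silently lost one file and corrupted another, restores from that copy, and compares the restored tree against the manifest. All paths, file names and file contents are constructed for the demo; the tamper step stands in for whatever a real tape, disk or cloud copy might do to your data between backup and restore.

```python
"""Added example (not from the thread): verify that a backup can actually be
restored, rather than only that it exists.

It builds a SHA-256 manifest of a source tree, simulates an offsite copy, then
checks a 'restored' tree against the manifest and reports missing, extra and
corrupted files. All paths and sample data here are constructed for the demo.
"""
import hashlib
import json
import os
import shutil
import tempfile


def build_manifest(root):
    """Map each relative file path under root to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            manifest[rel] = h.hexdigest()
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest taken at backup time.

    Returns a report with the files that are missing from the restore, files
    that appeared that were never backed up, and files whose content differs.
    """
    actual = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(actual))
    extra = sorted(set(actual) - set(manifest))
    corrupt = sorted(p for p in manifest if p in actual and actual[p] != manifest[p])
    return {"missing": missing, "extra": extra, "corrupt": corrupt,
            "ok": not (missing or extra or corrupt)}


def restore_drill(tamper=True):
    """Run a full drill: backup -> (optionally damage the offsite copy) ->
    restore -> verify. Returns the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample 'live' data for the demo.
        src = os.path.join(tmp, "live")
        os.makedirs(os.path.join(src, "ledger"))
        with open(os.path.join(src, "ledger", "2007-11.csv"), "w") as f:
            f.write("date,amount\n2007-11-17,100.00\n")
        with open(os.path.join(src, "config.ini"), "w") as f:
            f.write("[db]\nhost=localhost\n")

        # Backup time: take the manifest and make the offsite copy.
        manifest = build_manifest(src)
        offsite = os.path.join(tmp, "offsite")
        shutil.copytree(src, offsite)
        with open(os.path.join(tmp, "manifest.json"), "w") as f:
            json.dump(manifest, f)

        if tamper:
            # Simulate silent damage to the offsite copy (a bad block, a
            # half-written file, an operator deleting the wrong directory).
            with open(os.path.join(offsite, "config.ini"), "a") as f:
                f.write("garbage\n")
            os.remove(os.path.join(offsite, "ledger", "2007-11.csv"))

        # Restore to a fresh location and verify against the saved manifest.
        restored = os.path.join(tmp, "restored")
        shutil.copytree(offsite, restored)
        with open(os.path.join(tmp, "manifest.json")) as f:
            saved = json.load(f)
        return verify_restore(saved, restored)


if __name__ == "__main__":
    print(json.dumps(restore_drill(), indent=2))
```

The drill only proves something if the manifest is stored separately from the backup it describes (a manifest that sits on the same corrupted tape will be just as corrupted), and if the restore is done onto hardware and software that are not the originals, which is what a real disaster forces on you.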

  5. #5 nihil (Super Moderator: GMT Zone; joined Jul 2003; United Kingdom: Bridlington; 17,191 posts)

    Hi sec_ware,

    Thanks for your contribution. The additional concept that you have added I would look at as being sort of the "interface with regulatory compliance, industry standards" and possibly even insurance provider requirements.

    I too have a certain cynicism regarding these "Standards"... it is the same with BS, ISO and ASA... like I have processes that are BS9000 compliant... all it says is that I have something documented and implemented.

    It could be the most foolish and inefficient on Earth, but I would still get my certificate.


  6. #6 MURACU (AO Guinness Monster; joined Jan 2004; Paris; 1,002 posts)

    I agree it is all well and good to have ISO compliant procedures, but they need to be tested once in a while and most definitely updated at least once a year.

    "America is the only country that went from barbarism to decadence without civilization in between."
    "The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
    Oscar Wilde (1854-1900)

  7. #7 Senior Member (joined Mar 2004; 557 posts)

    Hi

    Nihil, I was hoping that my cynicism was not so obvious. I really do appreciate the work of a few smart people who write together formal considerations, sometimes even with reasonably applicable codes of practice. However, in the end, it is as you say: you have to document something, which you do implement (it is not always like that of course, but take ISO 9001 as an illustrative example).


    I just came across another issue in a BCM "concept". Standards provide a lot of helpful considerations and help to reduce forgetting obvious elements. Without them, it happens that external dependencies simply get forgotten:

    Thought has been given to every process within a company, except external providers, such as the email provider (for god's sake). So if the email provider does not have a reasonable DR and BCM, your BCM is flawed... this happens...

    Cheers

  8. #8 Member (joined May 2005; 93 posts)

    Hi, I am interested in this disaster recovery planning and I want to know the basics of it and how to document the planning. I wanted to propose this kind of planning but I don't have any idea where to start. Can anyone point me in the right direction?

  9. #9 AOs Resident Troll (joined Nov 2003; 3,152 posts)

    As stated, depending on the business you are recovering, that will determine your strategy to recover it.

    Also the strategy will greatly depend on the type of "disaster".

    Off site storage of data is required by most insurance companies here in Canada, again depending on the business. I work mostly for manufacturers and retail stores, and am responsible for the recovery of data and systems.

    A few years ago we had a flood where the retail stores lost a huge amount of inventory and there was water damage to the interior of the stores. The recovery of that was based on insurance and government funding.

    Google is your friend...

    Find a business model similar to yours, and go from there.

    MLF

  10. #10 ByTeWrangler (StOrM™; joined Aug 2004; 1,003 posts)

    Where do I click if the CISO of the company sends a mail to me with (http://www.symantec.com/connect/blog...ersus-zeus-bot) and asks me if Symantec is protecting us from the Spyeye bot?

    PS: I kid you not, he actually did that today.
    Last edited by ByTeWrangler; February 11th, 2010 at 06:00 PM.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.
